Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
The age of deepfake fraud is truly here.
Hong Kong police recently reported a fraudulent scheme involving deepfake technology, resulting in a finance worker transferring $39 million to impostors. The employee, working for a multinational firm, fell victim during a video conference call.
Believing he was interacting with his company’s chief financial officer and colleagues, the worker later discovered all participants were deepfake imitations. The scam involved a request for a confidential transaction, leading to the transfer of approximately $39.3m AUD ($195m Hong Kong dollars).
The incident has made international headlines, a starter shot in the race to defend businesses’ money against deepfake-enabled scams.
Senior Superintendent Baron Chan Shun-ching of the Hong Kong police detailed the incident. Initially sceptical, the worker dismissed a suspicious email from someone claiming to be the firm’s UK-based chief financial officer – this wasn’t a reckless employee, but instead seems to be a case of a cautious sceptic who was alert to the possibility of phishing.
But the worker’s doubts subsided after the extremely realistic video call.
Chan said the ruse was part of a broader pattern of deepfake-assisted frauds.
Hong Kong authorities reported six arrests related to similar scams. Investigations revealed that eight stolen Hong Kong identity cards facilitated 90 loan applications and 54 bank account registrations. Fraudsters used AI-generated deepfakes to deceive facial recognition systems on at least 20 occasions.
The misuse of deepfake technology extends beyond financial deception, with recent incidents – like the sexually suggestive material of Taylor Swift that went viral – highlighting its potential for creating damaging and deceptive content.
Deepfake videos aren’t the only way scammers leverage generative artificial intelligence (AI). AI is largely acting as an accelerant for existing scam tactics, but it’s also creating brand new threats altogether:
To manage this new risk environment, finance leaders need to think creatively, stay informed and implement technology-driven processes. Crucially, this should involve a combination of solutions rather than relying only on training or financial controls that were designed during a pre-digital era.
Leaders will need to reassess three major areas:
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Because LinkedIn is used as a professional networking platform, account holders don’t use the same caution as they would on Facebook or …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.